linux/net
Jarek Poplawski 8b9d372897 net: Fix data corruption when splicing from sockets.
The trick in socket splicing where we try to convert the skb->data
into a page based reference using virt_to_page() does not work so
well.

The idea is to pass the virt_to_page() reference via the pipe
buffer, and refcount the buffer using a SKB reference.

But if we are splicing from a socket to a socket (via sendpage)
this doesn't work.

The from side processing will grab the page (and SKB) references.
The sendpage() calls will grab page references only, return, and
then the from side processing completes and drops the SKB ref.

The page based reference to skb->data is not enough to keep the
kmalloc() buffer backing it from being reused.  Yet, that is
all that the socket send side has at this point.

This leads to data corruption if the skb->data buffer is reused
by SLAB before the send side socket actually gets the TX packet
out to the device.

The fix employed here is to simply allocate a page and copy the
skb->data bytes into that page.

This will hurt performance, but there is no clear way to fix this
properly without a copy at the present time, and it is important
to get rid of the data corruption.

With fixes from Herbert Xu.

Tested-by: Willy Tarreau <w@1wt.eu>
Foreseen-by: Changli Gao <xiaosuo@gmail.com>
Diagnosed-by: Willy Tarreau <w@1wt.eu>
Reported-by: Willy Tarreau <w@1wt.eu>
Fixed-by: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-01-19 17:03:56 -08:00
9p net/9p: fid->fid is used uninitialized 2009-01-19 16:20:15 -08:00
802
8021q vlan: add neigh_setup 2009-01-08 10:50:20 -08:00
appletalk appletalk: convert aarp to net_device_ops 2009-01-07 17:21:44 -08:00
atm
ax25
bluetooth bluetooth: driver API update 2009-01-07 17:23:17 -08:00
bridge netfilter 05/09: ebtables: fix inversion in match code 2009-01-12 21:18:35 -08:00
can can: fix slowpath issue in hrtimer callback function 2009-01-14 21:06:55 -08:00
core net: Fix data corruption when splicing from sockets. 2009-01-19 17:03:56 -08:00
dcb DCB: fix kfree(skb) 2009-01-04 17:29:21 -08:00
dccp dccp ccid-3: Fix RFC reference 2009-01-11 00:17:22 -08:00
decnet
dsa dsa: convert to net_device_ops (v2) 2009-01-06 16:45:26 -08:00
econet
ethernet
ipv4 gso: Ensure that the packet is long enough 2009-01-14 20:41:12 -08:00
ipv6 ipv6: Fix fib6_dump_table walker leak 2009-01-13 22:17:51 -08:00
ipx
irda tty: Fix an ircomm warning and note another bug 2009-01-02 10:19:43 -08:00
iucv s390: remove s390_root_dev_*() 2009-01-06 10:44:34 -08:00
key
lapb
llc
mac80211 mac80211: fix "‘ret’ may be used uninitialized" warning 2009-01-13 10:25:45 -05:00
netfilter netfilter 08/09: xt_time: print timezone for user information 2009-01-12 21:18:36 -08:00
netlabel netlabel: Update kernel configuration API 2008-12-31 12:54:11 -05:00
netlink genetlink: export genl_unregister_mc_group() 2009-01-07 10:00:17 -08:00
netrom
packet
phonet phonet: update to net_device_ops 2009-01-07 17:24:34 -08:00
rfkill net/rfkill/rfkill.c: fix unused rfkill_led_trigger() warning 2009-01-04 17:11:24 -08:00
rose
rxrpc
sched pkt_sched: sch_htb: Break all htb_do_events() after 2 jiffies 2009-01-12 21:54:40 -08:00
sctp fix similar typos to successfull 2009-01-08 08:31:15 -08:00
sunrpc SUNRPC: The sunrpc server code should not be used by out-of-tree modules 2009-01-07 17:18:42 -05:00
tipc net/tipc/bcast.h: use ARRAY_SIZE 2009-01-11 00:06:33 -08:00
unix introduce new LSM hooks where vfsmount is available. 2008-12-31 18:07:37 -05:00
wanrouter
wimax wimax: testing for rfkill support should also test for CONFIG_RFKILL_MODULE 2009-01-08 11:08:01 -08:00
wireless wireless: convert wireless ioctl to net_device_ops 2009-01-06 10:42:24 -08:00
x25
xfrm xfrm: For 32/64 compatability wrt. xfrm_usersa_info 2009-01-14 14:55:35 -08:00
compat.c
Kconfig wimax: Makefile, Kconfig and docbook linkage for the stack 2009-01-07 10:00:17 -08:00
Makefile wimax: Makefile, Kconfig and docbook linkage for the stack 2009-01-07 10:00:17 -08:00
nonet.c
socket.c [CVE-2009-0029] System call wrappers part 22 2009-01-14 14:15:27 +01:00
sysctl_net.c
TUNABLE